[oCERT-2008-008] multiple heap overflows in xine-lib

The xine free multimedia player suffers from a number of vulnerabilities
ranging in severity. The worst of these vulnerabilities results in
arbitrary code execution and the least, in unexpected process
termination.

Five heap buffer overflows exist in parsing of real audio files, id3
tags, qt mov files, and matroska headers which all can result in
arbitrary code execution.

Three additional heap buffer overflows occur in mng, mod, and real
handling which are potentially exploitable.

Seven additional issues were identified in the input plugins as well as
the real, qt, and matroska demuxers which result in process termination
or memory corruption that may have wider implications.

The oCERT team was contacted by the Xine project requesting a review of
some code changes relating to memory allocations. These vulnerabilities
were the findings of this requested analysis. The full analysis text can
be found in the references below.